i have multiple web pages jsp and i use for the resubmit in refresh response.sendredirect("blabla.jsp") but one page work good , another page wen i press submit it go to a blank page and the row added to database, any solution for this problem ? thank you
`
<% String UC1 = "INIT";
if (request.getParameter("add_spec") != null) {
UC1 = "ADD_SPEC";
}
if (UC1.equals("INIT")) {
List<Speciality> specs = SpecialityController.INSTANCE.findAll();
%>
<%#include file="./WEB-INF/Add_Spec.jspf" %>
<%#include file="./WEB-INF/view_all_specs.jspf" %>
<%}
if (UC1.equals("ADD_SPEC")) {
String spec = request.getParameter("speciality");
SpecialityController.INSTANCE.create(new Speciality(spec));
List<Speciality> specs = SpecialityController.INSTANCE.findAll();
response.sendRedirect("main_admin.jsp");
%>
<%#include file="./WEB-INF/Add_Spec.jspf" %>
<%#include file="./WEB-INF/view_all_specs.jspf" %>
<% }
%>
`
You can use the Post/Redirect/Get pattern.
When a web form is submitted to a server through an HTTP POST request,
a web user that attempts to refresh the server response in certain
user agents can cause the contents of the original POST request to be
resubmitted, possibly causing undesired results, such as a duplicate
web purchase.
To avoid this problem, many web developers use the PRG
pattern - instead of returning a web page directly, the POST operation returns a redirection command.
In other words, when you submit the data, you should redirect to the page on which you can view (get) the data you've just added.
That way, refreshing will not resubmit the data.
Alternatively, you could use a CSRF/XSRF-like token.
Though this example is in PHP, you should understand the gist of it.
Update
Even better, you can check out this example for CSRF https://services.teammentor.net/article/00000000-0000-0000-0000-000000040a2e
Related
I wrote the below code to test the status of msgCode. If the msgCode is not Success it should redirect to error.jsp file. If it is a Success it should stay on the same page . When I ran the code the page always redirects to error.jsp although msgCode is Success. What mistake did I do in my code. Can you please help me if you can. Thank in advance.
<%# page import="com.siebel.SurveyWebService.SurveyTester" %>
<%
SurveyTester tc = new SurveyTester();
tc.getResult();
java.lang.String msgCode = tc.getResult2().getStatusCode();
%>
<%= msgCode%>
<%
if (msgCode.toString() != "Success")
{
response.sendRedirect("error.jsp");
}
%>
First of all, you should use equal method for string comparison. Secondly, even though it's not a problem at the moment but you are creating objects in your jsp and faking the response. tc.getResult2().getStatusCode() is not an actual HTTP response from server.
I want to perform an action on a JSP if redirected from a specific servlet only else do nothing.Is it possible?
In my JSP there are different errors defined. This JSP calls a servlet (with contentType as application/pdf) which opens in a new tab and searches for a PDF for 25 seconds and then if PDF is not found redirects to same JSP which shows the error message "File not found". I want to show the error if called from servlet only else do nothing.
JSP Code:
<%}else if(hPP!=null && hPP.get("errorcode")!=null && hPP.get("errorcode").toString().equalsIgnoreCase("Issue")){%>
<c:if test="${cameFromServlet}">
<div class="SplInputField">
<label class="FontBlod">Download fail</label>
</div>
</c:if>
servlet code
if (content == null) {
request.setAttribute("cameFromServlet", true);
String redirectJspUrl = request.getParameter("homeRedirect");
String strReceiptPage =
redirectJspUrl.substring(0, redirectJspUrl.lastIndexOf("/")) +
"/GetQReceiptPage";
response.sendRedirect(strReceiptPage);
}
Add an attribute to the request in the servlet like this
httpservletRequest.setAttribute("cameFromServlet", true)
then in your JSP check for it
<c:if test="${cameFromServlet}">
DO STUFF HERE
</c:if>
EDIT:
What you have done in your edit will not work, since you are doing a redirect. Which means the browser is sent a 302 response to tell it to issue another request against the new url. Do you have a specific requirement to change the url for the user? If so you will need to add the cameFromServlet attribute to the session instead - like this:
req.getSession().setAttribute("cameFromServlet", true);
Bare in mind though, that cameFromServlet attribute will remain on the session until you unset it so if there was another time that jsp page is shown you will run into problems unless you do something to unset it - either by introducing another servlet in the middle and moving it from the session to the request - thus simulating Springs flash map behaviour or unset it in the JSP after you have used it - like this:
<c:remove var="cameFromServlet" scope="session" />
If you do not need the URL to change for the user, you can change your servlet code to make use of a request dispatcher (what I thought you were doing)
RequestDispatcher requestDispatcher = req.getRequestDispatcher("/yourjsp.jsp");
requestDispatcher.forward(req, resp);
I have a jsp page with a form that when it’s submitted goes to a Servlet that inserts the form data into the database.
When the data is inserted into the database, I’m trying to get the browser back to my jsp page and show a javascript alert saying that the data was inserted successfully, my code is the following:
RequestDispatcher rd;
if(dao.insertClient(client)) {
rd = getServletContext().getRequestDispatcher("/pages/clients.jsp");
rd.include(request, response);
out.print(
"<script type=\"text/javascript\">"
+ "alert("Client inserted successfully!");"+
"</script>"
);
}
This code is doing exactly what I want, but this method getRequestDispatcher() redirects the page to the servlet itself, and the URL is like http://localhost:8080/Servlet, this way I can’t access any intern link of the page, since the links to the other pages obviously are outside of the servlet context, and the glassfish returns the 404 error.
Instead of using getRequestDispatcher(), I’ve tried using the response.sendRedirect(), this way I can insert the data into the database and access the intern links, but the javascript alert isn’t shown.
Somebody has a suggestion on how I can redirect the page to the clients.jsp and display the javascript alert?
Thanks!
you can try another approach :
Set parameter from servlet like this :
RequestDispatcher rd;
if(dao.insertClient(client)) {
rd = getServletContext().getRequestDispatcher("/pages/clients.jsp");
request.setAttribute("isSuccess", "success");
rd.include(request, response);
}
access the parameter in jsp to check whether to show alert or not.
<%
String result = request.getParameter("isSucess");
if("success".equals(result)){
%>
<script type="text/javascript" >
alert("Client inserted successfully!");
</script>
<%
}
%>
I am developing an application with spring 3 struts 2 and hibernate. After login only i have to display the pages
It is working fine. when i testing i found the big mistake
that is i copy the url of the page which needs to display only to logged-in user
and paste it in other browser means it is displaying the page without login.
<%
String userId= (String)session.getAttribute("userId");
System.out.println(userId);
if(userId == null || userId.equals("") ){
response.sendRedirect("login.jsp");
}
%>
I have included this for all jsp. I know this is not a best practice. Is any better option available?
How would i overcome this error?
if(userId == null || userId.equals("") ){
response.sendRedirect("login.jsp");
}
should probably have a return in there to prevent rendering the page content:
if(userId == null || userId.equals("") ){
response.sendRedirect("login.jsp");
return;
}
Nothing in the javadoc suggests that sendRedirect causes abrupt exit or causes the response body to not be shipped to the client.
What is probably happening is that your response contains a redirect header, but also contains the page content which you might not have meant to send.
I am still at education so do know how good is my solution , but i did not crash so hope it is correct
and it is quite similar to #muthu 's code
I had used JPA-eclipselink and Struts2
Action Class
String checkLogin = "SELECT user FROM UserEntity user WHERE user.username = :username AND user.password = :password";
Query checkLoginQuery = em.createQuery(checkLogin);
checkLoginQuery.setParameter("username", loginUsername);
checkLoginQuery.setParameter("password", loginPassword);
userEntity = (UserEntity) checkLoginQuery.getSingleResult();
Map sessionMap = ActionContext.getContext().getSession();
sessionMap.put("userEntity", userEntity);
JSP -> all jsp pages have this(bug:affected if session is not killed when browser is not closed )
<%# taglib prefix="s" uri="/struts-tags" %>
<s:if test="%{#session.userEntity == null}">
<jsp:forward page="login.jsp"/>
</s:if>
Correct me if I am wrong
Quoting this page
Both and RequestDispatcher.forward() are what I refer to as "server-side" redirects
The response.sendRedirect() is what I call a "client-side" redirect.
so a server side forward looks more safe to me , maybe I am wrong (I am sorry if I am miss interpreting it ,not worked in real life projects yet)
I currently have the following includes at the top of all of my jsp files:
<%# include file="inc/inc_cookie_login.jsp"%>
<%# include file="inc/inc_protect_page.jsp"%>
<%# include file="inc/inc_log_access.jsp"%>
The jsps have scriptlets that check for cookie and set a user object in the session if cookie exists, prevents access to the jsp unless a session has been set, write to a text file the User IP, name, page accessed, etc.,respectively.
The scriptlet approach above has worked fine but now that I have a better server set up and can utilize a web.xml file, I have been refactoring my app to best practices. The above is screaming FIXME! Should I be investigating listeners, filters, ?, or is my current approach adequate?
=== inc_cookie_login.jsp ====
<%# page import="model.STKUser"%>
<%# page import="model.STKUserCookie"%>
<%# page import="data.STKUserDAO"%>
<%
if ( request.getSession().getAttribute("STKUserSession") == null) {
STKUserCookie userCookie = new STKUserCookie(request);
String userBadge = userCookie.getUserID();
STKUserDAO userDAO = new STKUserDAO();
STKUser user = userDAO.getUser(userBadge);
if (user != null) {
user.setIpAddress(request.getRemoteAddr());
userDAO.updateLoginCount(user);
request.getSession().setMaxInactiveInterval(36000); //set to 10 hours
request.getSession().setAttribute("STKUserSession", user);
}
}
%>
This looks like a good one to be replaced by a filter. Create the filter class and ref it with a pattern in your web.xml. Scriptlets should not be used unless all other options have been reasonably exhausted.